The short version
The strongest setup is intentionally small: few keys, exact destinations, narrow roles, bounded traffic, sanitized evidence, and a rehearsed way to revoke access.
01
Separate every trust boundary
Use distinct workspaces, keys, and member roles for environments or teams that should not share access. Never use a workspace role as a substitute for platform administration.
Keep the ThrottleProxy API key separate from every upstream provider credential.
02
Minimize destinations and traffic
Prefer exact hosts, review wildcards, and remove unused destinations. Private targets, metadata services, local names, unsafe ports, and reserved addresses are blocked, but a narrow allowlist still reduces mistakes.
Start with conservative request volume and payload size. Queue, concurrency, body, response, idle, and absolute limits are protective boundaries rather than capacity promises.
03
Keep support and diagnostic evidence sanitized
Share timestamps, high-level status, route stage, browser context, and sanitized correlation IDs. Do not share API keys, Authorization or Cookie headers, invitation links, raw bodies, query values, or personal data.
Customer-facing request timelines remain previews. Global diagnostic routes remain platform-admin/internal operations.
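One way to apply the sanitizing rule above before attaching a request record to a support ticket. This is an added example, not ThrottleProxy code: the record layout, the field and header names, the shape of an invitation link, and the sample values are all assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit, urlunsplit

# Default-deny: only these fields and header values survive. All names are assumed.
SAFE_FIELDS = ("timestamp", "status", "route_stage", "correlation_id")
SAFE_HEADERS = {"accept", "content-type", "user-agent"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def scrub(text):
    """Mask e-mail addresses that leak into otherwise shareable strings."""
    return EMAIL_RE.sub("[email]", str(text))

def redact_url(url):
    """Keep scheme, host, port, path and query names; drop values, userinfo, fragment."""
    parts = urlsplit(url)
    if "invit" in parts.path.lower():  # assumed shape of an invitation link
        return "[invitation link removed]"
    host = parts.hostname or ""
    host = f"[{host}]" if ":" in host else host  # IPv6 literal needs its brackets back
    if parts.port:
        host = f"{host}:{parts.port}"
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    query = "&".join(f"{scrub(k)}=[redacted]" for k in names)
    return urlunsplit((parts.scheme, host, scrub(parts.path), query, ""))

def sanitize(record):
    """Return a copy of one request record that is safe to attach to a ticket."""
    out = {k: scrub(record[k]) for k in SAFE_FIELDS if k in record}
    if "url" in record:
        out["url"] = redact_url(record["url"])
    out["headers"] = {
        name: scrub(value) if name.lower() in SAFE_HEADERS else "[redacted]"
        for name, value in record.get("headers", {}).items()
    }
    body = record.get("body") or b""  # raw bodies are never shared, only their size
    out["body_bytes"] = len(body if isinstance(body, bytes) else body.encode())
    return out

# Constructed sample record; every value is made up for this example.
SAMPLE = {
    "timestamp": "2024-01-01T12:00:00Z", "status": 502, "route_stage": "upstream",
    "correlation_id": "req-0001", "client_ip": "203.0.113.7",
    "url": "https://user:pw@api.example.com:8443/v1/items?token=abc123&q=jane%40example.com",
    "headers": {"Authorization": "Bearer EXAMPLE", "Cookie": "sid=EXAMPLE",
                "User-Agent": "Mozilla/5.0", "X-Api-Key": "EXAMPLE"},
    "body": '{"email": "jane@example.com"}',
}
```

Because the function copies only allowlisted fields, anything it does not recognise (here the constructed client_ip) is dropped rather than passed through. Header names are kept so support can see which headers were present without seeing their values.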
04
Respond quickly to suspected exposure
Deactivate affected keys, suspend questionable workspace access, revoke pending invitations, and stop traffic when necessary. Preserve sanitized timestamps and correlation context.
Escalate security concerns through the support path. Never include the suspected secret itself in the first report.
Before you move on
- Keys are unique per application or environment
- Hosts are exact and reviewed
- Members hold the narrowest role they need
- Invitation links are transient and recipient-specific
- Evidence is sanitized before sharing
- Revocation and escalation steps are understood